| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: Ahelenia Ziemiańska <[email protected]>
Closes #11898
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This partly mirrors what the i-t script does (though that mounts all
children, recursively) ‒ /etc, /usr, /lib*, and /bin are all essential,
if present, to successfully invoke the real init, which will then mount
everything else it might need in the right order
The following extreme-case set-up boots w/o issues now:
/ zoot zfs rw,relatime,xattr,noacl
├─/etc zoot/etc zfs rw,relatime,xattr,noacl
├─/usr zoot/usr zfs rw,relatime,xattr,noacl
│ └─/usr/local zoot/usr/local zfs rw,relatime,xattr,noacl
├─/var zoot/var zfs rw,relatime,xattr,noacl
│ ├─/var/lib zoot/var/lib zfs rw,relatime,xattr,noacl
│ ├─/var/log zoot/var/log zfs rw,relatime,xattr,posixacl
│ ├─/var/cache zoot/var/cache zfs rw,relatime,xattr,noacl
│ └─/var/tmp zoot/var/tmp zfs rw,relatime,xattr,noacl
├─/home zoot/home zfs rw,relatime,xattr,noacl
│ └─/home/nab zoot/home/nab zfs rw,relatime,xattr,noacl
├─/boot zoot/boot zfs rw,relatime,xattr,noacl
├─/root zoot/home/root zfs rw,relatime,xattr,noacl
├─/opt zoot/opt zfs rw,relatime,xattr,noacl
└─/srv zoot/srv zfs rw,relatime,xattr,noacl
Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: Ahelenia Ziemiańska <[email protected]>
Closes #11898
|
| |
|
|
|
|
|
|
|
| |
"debug" is also used by systemd itself, and there's really no reason for
the generator to write this much garbage by default
Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: Ahelenia Ziemiańska <[email protected]>
Closes #11898
|
| |
|
|
|
|
| |
Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: Ahelenia Ziemiańska <[email protected]>
Closes #11898
|
| |
|
|
|
|
|
|
|
|
| |
zfs-load-key.sh is called by the dracut-pre-mount.service unit which has
no explicit 'After' dependency on zfs-import.target. That way it can be
that the pool has not yet been imported and the zfs-load-key.sh finishes
without ever seeing the relevant pool.
Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: Lorenz Hüdepohl <[email protected]>
Closes #11500
|
| |
|
|
|
|
|
|
|
| |
On openSUSE the initrd has systemctl in /usr/bin, check this path as
well.
Reviewed-by: Brian Behlendorf <[email protected]>
Reviewed-by: Richard Laager <[email protected]>
Signed-off-by: Lorenz Hüdepohl <[email protected]>
Closes #11487
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
zgenhostid(8) is used to modify or create /etc/hostid. This
administrative tool is currently installed to bindir. System utilities
are typically placed in sbin.
Modify the installation directory for zgenhostid. Additionally, track
this change in its use in dracut and the rpm installation.
Authored-by: наб <[email protected]>
Authored-by: Antonio Russo <[email protected]>
Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: Antonio Russo <[email protected]>
Closes #11485
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Despite that dracut has a hard dependency on bash,
its modules doesn't, dracut only has a hard dependency on bash for
module-setup (on a fully usable machine). Inside initramfs, dracut
allows users choose from a list of handful other shells, e.g. bash,
busybox, dash, mkfsh.
In fact, my local machine's initramfs is being built with dash,
and it's functional for a very long time.
Before 64025fa3a (Silence 'make checkbashisms', 2020-08-20), we also
allows our users to have that right, too.
Let's fix the problem 'make checkbashisms' reported and allows our users
to have that right, again.
For 'plymouth' case, let's simply run the command inside the if instead
of checking for the existence of command before running it, because the
status is also failture if plymouth is unavailable.
While we're at it, let's remove an unnecessary fork for grep in
zfs-generator.sh.in and its following complicated 'if elif fi' with
a simple 'case ... esac'.
To support this change, also exclude 90zfs from "make checkbashisms"
because the current CI infrastructure ships an old version of
"checkbashisms", which complains about "command -v", while the current
latest "checkbashisms" thinks it's fine. In the near future, we can
revert that change to "Makefile.am" when CI infrastructure is updated.
Reviewed-by: Gabriel A. Devenyi <[email protected]>
Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: Đoàn Trần Công Danh <[email protected]>
Closes #11244
|
| |
|
|
|
|
|
|
|
| |
Bring over some of the improvements from dracut/zfs-load-key.sh,
shellcheck is slightly quieter as well
Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: Ahelenia Ziemiańska <[email protected]>
Closes #11198
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The loop now has a less confusing condition and properly uses
systemctl(1) is-failed's return code instead of that entire mess
The assignments could turn into "var=val program" if encryptionroot
or keylocation had whitespace in them
As a bonus, this (mostly) silences shellcheck
Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: Ahelenia Ziemiańska <[email protected]>
Closes #11198
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On systems with musl libc, hostid(1) always prints "00000000", which
will cause improper behavior when the 90zfs module is configured in a
dracut initramfs. Work around this by copying the host /etc/hostid if
the file exists, and otherwise only write /etc/hostid if hostid(1)
returns something meaningful. This avoids zgenhostid creating a random
/etc/hostid for the initramfs, which could lead to errors when trying to
import the pool if spl_hostid isn't defined in the kernel command line.
Furthermore, tag the /etc/hostid file as hostonly, since it is system
specific and shouldn't be taken into account when trying to use an
initramfs generated in one system to boot into a different system.
Reviewed-by: Brian Behlendorf <[email protected]>
Reviewed-by: Georgy Yakovlev <[email protected]>
Co-authored-by: Andrew J. Hesford <[email protected]>
Signed-off-by: Érico Rolim <[email protected]>
Closes #11174
Closes #11189
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This change updates the documentation to refer to the project
as OpenZFS instead ZFS on Linux. Web links have been updated
to refer to https://github.com/openzfs/zfs. The extraneous
zfsonlinux.org web links in the ZED and SPL sources have been
dropped.
Reviewed-by: George Melikov <[email protected]>
Reviewed-by: Richard Laager <[email protected]>
Reviewed-by: Ryan Moeller <[email protected]>
Signed-off-by: Brian Behlendorf <[email protected]>
Closes #11007
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It was discovered that dracut scripts and zgenhostid
always generate little-endian /etc/hostid.
This commit provides simple endianess-aware binary
and updates the scripts to use it.
New features include:
-f flag to force overwrite.
-o flag to write to different file (for dracut)
accepting both 0x01234567 and 01234567 values as input
Reviewed-by: Brian Behlendorf <[email protected]>
Reviewed-by: Olaf Faaland <[email protected]>
Signed-off-by: Georgy Yakovlev <[email protected]>
Closes #10887
Closes #10925
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit d2bce6d03 added the 'make checkbashisms' target but did not
resolve all of the bashisms in the scripts. This commit doesn't
resolve them all either but it does fix up a few, and it excludes
the others so 'make checkstyle' no longer prints warnings. It's
a small step in the right direction.
* Dracut is Linux specific and itself depends on bash. Therefore
all dracut support scripts can be bash specific, update their
shebang accordingly.
* zed-functions.sh, zfs-import, zfs-mount, zfs-zed, smart
paxcheck.sh, make_gitrev.sh - these scripts were excuded from
the check until they can be updated and properly tested.
* zfsunlock - only whole values for sleep are allowed.
* vdev_id - removed unneeded locals; use && instead of -a.
* dkms.mkconf, dkms.postbuil - use || instead of -o.
Reviewed-by: InsanePrawn <[email protected]>
Reviewed-by: Gabriel A. Devenyi <[email protected]>
Reviewed-by: Ryan Moeller <[email protected]>
Reviewed-by: George Melikov <[email protected]>
Signed-off-by: Brian Behlendorf <[email protected]>
Closes #10755
|
| |
|
|
|
|
|
|
|
|
|
|
| |
A bunch of places need to edit files to incorporate the configured paths
i.e. bindir, sbindir etc. Move this logic into a common file.
Create arc_summary by copying arc_summary[23] as appropriate at build
time instead of install time.
Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: Arvind Sankar <[email protected]>
Closes #10559
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Reduce the usage of EXTRA_DIST. If files are conditionally included in
_SOURCES, _HEADERS etc, automake is smart enough to dist all files that
could possibly be included, but this does not apply to EXTRA_DIST,
resulting in make dist depending on the configuration.
Add some files that were missing altogether in various Makefile's.
The changes to disted files in this commit (excluding deleted files):
+./cmd/zed/agents/README.md
+./etc/init.d/README.md
+./lib/libspl/os/freebsd/getexecname.c
+./lib/libspl/os/freebsd/gethostid.c
+./lib/libspl/os/freebsd/getmntany.c
+./lib/libspl/os/freebsd/mnttab.c
-./lib/libzfs/libzfs_core.pc
-./lib/libzfs/libzfs.pc
+./lib/libzfs/os/freebsd/libzfs_compat.c
+./lib/libzfs/os/freebsd/libzfs_fsshare.c
+./lib/libzfs/os/freebsd/libzfs_ioctl_compat.c
+./lib/libzfs/os/freebsd/libzfs_zmount.c
+./lib/libzutil/os/freebsd/zutil_compat.c
+./lib/libzutil/os/freebsd/zutil_device_path_os.c
+./lib/libzutil/os/freebsd/zutil_import_os.c
+./module/lua/README.zfs
+./module/os/linux/spl/README.md
+./tests/README.md
+./tests/zfs-tests/tests/functional/cli_root/zfs_clone/zfs_clone_rm_nested.ksh
+./tests/zfs-tests/tests/functional/cli_root/zfs_send/zfs_send_encrypted_unloaded.ksh
+./tests/zfs-tests/tests/functional/inheritance/README.config
+./tests/zfs-tests/tests/functional/inheritance/README.state
+./tests/zfs-tests/tests/functional/rsend/rsend_016_neg.ksh
+./tests/zfs-tests/tests/perf/fio/sequential_readwrite.fio
Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: Arvind Sankar <[email protected]>
Closes #10501
|
| |
|
|
|
|
|
|
|
|
| |
There's no need to specify the srcdir explicitly in _HEADERS and
EXTRA_DIST.
Reviewed-by: Ryan Moeller <[email protected]>
Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: Arvind Sankar <[email protected]>
Closes #10493
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The horrible effects of human slavery continue to impact society. The
casual use of the term "slave" in computer software is an unnecessary
reference to a painful human experience.
This commit removes all possible references to the term "slave".
Implementation notes:
The zpool.d/slaves script is renamed to dm-deps, which uses the same
terminology as `dmsetup deps`.
References to the `/sys/class/block/$dev/slaves` directory remain. This
directory name is determined by the Linux kernel. Although
`dmsetup deps` provides the same information, it unfortunately requires
elevated privileges, whereas the `/sys/...` directory is world-readable.
Reviewed-by: Brian Behlendorf <[email protected]>
Reviewed-by: Ryan Moeller <[email protected]>
Signed-off-by: Matthew Ahrens <[email protected]>
Closes #10435
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Unlike other filesystems, snapshots and rollbacks of bootfs need to be
done from a rescue environment. This patch makes it possible to snap-
shot or rollback the bootfs simply by specifying bootfs.snapshot or
bootfs.rollback on the kernel command line. The operation will be
performed by dracut just before bootfs is mounted.
Reviewed-by: Antonio Russo <[email protected]>
Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: Gregory Bartholomew <[email protected]>
Closes #10198
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Not all systems / distros have a `/bin/bash`, and these scripts are
more difficult to run at development time.
For example, my system is NixOS which doesn't have a /bin/bash. This
is not a problem for NixOS building ZFS as a package: the build
environment automatically replaces these shebangs with corrected
paths.
The problem is much more annoying at development time: either the
scripts don't run, or I correct them for my local machine and deal with
a perpetually dirty work tree.
Before committing this patch I confirmed there are existing scripts
which use `/usr/bin/env` to locate bash, so I am thinking this is a
safe transformation.
There are a handful of other shebangs in this repository which don't
work on my system. This patch is useful on its own specifically for
`commitcheck.sh`, otherwise I can't validate my commits before
submission.
Here are the remaining shebangs which NixOS systems won't have:
1274 #!/bin/ksh -p
91 #!/bin/ksh
89 #! /bin/ksh -p
2 #!/bin/sed -f
1 #!/usr/bin/perl -w
1 #!/usr/bin/ksh
1 #!/bin/nawk -f
plus this which will create an invalid shebang in
`tests/zfs-tests/tests/functional/mv_files/mv_files_common.kshlib`:
echo "#!/bin/ksh" > $TEST_BASE_DIR/exitsZero.ksh
I chose to leave those alone for now, and gauge the interest in this
much smaller patch first.
The fixes for these are easy enough by simply using `/usr/bin/env ksh`:
91 #!/bin/ksh
1 #!/usr/bin/ksh
The fix for the other set is much trickier. Quoting the GNU coreutils
manual:
Most operating systems (e.g. GNU/Linux, BSDs) treat all text after
the first space as a single argument. When using env in a script it
is thus not possible to specify multiple arguments.
and not all `env`'s support arguments.
Mine (GNU Coreutils 8.31) does, though this feature is new since
April 2018, GNU Coreutils 8.30:
https://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=668306ed86c8c79b0af0db8b9c882654ebb66db2
and worse, requires the -S argument:
-S, --split-string=S process and split S into separate arguments;
used to pass multiple arguments on shebang
lines
Example:
$ seq 1 2 | $(nix-build '<nixpkgs>' -A coreutils)/bin/env "sort -nr"
/nix/[...]-coreutils-8.31/bin/env: ‘sort -nr’: No such file or directory
/nix/[...]-coreutils-8.31/bin/env: use -[v]S to pass options in shebang lines
$ seq 1 2 | $(nix-build '<nixpkgs>' -A coreutils)/bin/env "-S sort -nr"
2
1
GNU Coreutils says FreeBSD's `env` does, though I wonder if FreeBSD's
would be unhappy with the `-S`:
https://www.gnu.org/software/coreutils/manual/html_node/env-invocation.html#env-invocation
BusyBox v1.30.1 does not, and does not have a `-S`-like option:
$ seq 1 2 | $(nix-build '<nixpkgs>' -A busybox)/bin/env "sort -nr"
env: can't execute 'sort -nr': No such file or directory
Toybox 0.8.1 also does not, and also does not have a `-S` option:
$ seq 1 2 | $(nix-build '<nixpkgs>' -A toybox)/bin/env "sort -nr"
env: exec sort -nr: No such file or directory
---
At any rate, if this patch merges and the remaining ~1,500 are updated,
the much larger patch should probably include a checkstyle-like test
asserting all new shebangs use `/usr/bin/env`. I also don't mind
dealing with NixOS weirdness if the project would prefer that.
Reviewed-by: Brian Behlendorf <[email protected]>
Reviewed-by: Ryan Moeller <[email protected]>
Signed-off-by: Graham Christensen <[email protected]>
Closes #9893
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A change[1] was merged yesterday that should refer
to the zfs binary in the initramfs, but is actually
an unset shell variable.
This commit changes this line to call `zfs` directly
like the surrounding code.
[1]: cb5b875b273235a4a3ed28e16f416d5bb8865166
Reviewed-by: Brian Behlendorf <[email protected]>
Reviewed-by: Garrett Fields <[email protected]>
Reviewed-by: Richard Laager <[email protected]>
Signed-off-by: Ben Cordero <[email protected]>
Closes #9780
|
| |
|
|
|
|
|
|
|
|
|
|
| |
If the encryption key is stored in a file, the initramfs should not
prompt for the password. For example, this could be the case if the boot
partition is stored on removable media that is only present at boot time
Reviewed-by: Brian Behlendorf <[email protected]>
Reviewed-by: Garrett Fields <[email protected]>
Reviewed-by: Richard Laager <[email protected]>
Reviewed-by: Kjeld Schouten <[email protected]>
Signed-off-by: Sam Lunt <[email protected]>
Closes #9764
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Don't ask for the password / try to load the key if the key for the
encryptionroot is already loaded. The user might have loaded the key
manually or by other means before the scripts get called.
Reviewed-by: Brian Behlendorf <[email protected]>
Reviewed-by: Tom Caputi <[email protected]>
Reviewed-by: Richard Laager <[email protected]>
Signed-off-by: Witaut Bajaryn <[email protected]>
Closes #9495
Closes #9529
|
| |
|
|
|
|
|
|
|
|
|
| |
Removes the 'ZFS=' prefix from $BOOTFS instead of $root. This makes sure
that the 'zfs:' prefix remains stripped so that users with
'root=zfs:dataset' cmdline can have key loaded on boot again.
Reviewed-by: Garrett Fields <[email protected]>
Reviewed-by: Dacian Reece-Stremtan <[email protected]>
Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: Hiếu Lê <[email protected]>
Closes #9520
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Line 31 and 32 overwrote the ${root} variable which broke mount-zfs.sh
We have create a new variable for the dataset instead of overwriting the
${root} variable in zfs-load-key.sh${root} variable in zfs-load-key.sh
Reviewed-by: Kash Pande <[email protected]>
Reviewed-by: Garrett Fields <[email protected]>
Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: Dacian Reece-Stremtan <[email protected]>
Closes #8913
Closes #9379
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The double-colon looked like a typo, but it's actually an obscure
feature. Rules with :: may appear multiple times and are run
independently of one another in the order they appear. The use of ::
for distclean-local was conventional, not accidental.
Add comments to indicate the intentional use of double-colon rules.
Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: Ryan Moeller <[email protected]>
Closes #9210
|
| |
|
|
|
|
|
|
|
|
|
| |
The whereis command should not be used since it may not exist
in the initramfs. The dracut plymouth module also uses the type
command instead of whereis.
Reviewed-by: Brian Behlendorf <[email protected]>
Reviewed-by: Garrett Fields <[email protected]>
Signed-off-by: Dacian Reece-Stremtan <[email protected]>
Closes #8920
Closes #8938
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Dracut depends on the environment variable BOOTFS to be set after pool
import. This dracut specific systemd ExecStartPost command should not be
called for any non-dracut systems, so let's move it to a static systemd
unit that.
Reviewed-by: Manuel Amador (Rudd-O) <[email protected]>
Reviewed-by: Matthew Thode <[email protected]>
Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: Michael Niewöhner <[email protected]>
Closes #8510
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The dracut howto proposed to boot from the root dataset of a pool.
Apart from this giving problems when booting (as the code seems to
expect a child dataset and creates an illegal dataset name when using
the root dataset) the technical limitations of the root dataset
(among others the inability to rename or destroy through the `zfs`
command) resulted in the general consensus to only use it as a
container for the datasets in the pool - not as a filesystem itself.
Removed the idea to boot from the root dataset.
Reviewed-by: George Melikov <[email protected]>
Reviewed-by: Brian Behlendorf <[email protected]>
Reviewed-by: bunder2015 <[email protected]>
Signed-off-by: Gregor Kopka <[email protected]>
Closes #8247
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since the `cut -b` command is used by `parse-zfs.sh`,
ensure that it is copied to the initramfs.
Fix spl_hostid when set by cmdline. This follows a
similar logic from the `zgenhostid` script, using `echo`
instead of `printf`.
Reviewed-by: Olaf Faaland <[email protected]>
Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: Ben Cordero <[email protected]>
Closes #8197
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
PR #8114 quoted the ${ENCRYPTIONROOT} parameter to ensure we don't
lose spaces when unlocking root filesystem in the off chance that
it has a space in its name.
Unfortunately, dracut and initramfs-tools do not actually get the
quotes from the cmdline. If we use root=ZFS="root pool/filesystem
name" the script still only sees root=ZFS=root and no quotation
marks.
Because + is a reserved character in ZFS, it's used as a
placeholder for spaces in the kernel cmdline. In this way,
root=ZFS=root+pool/filesystem+name will properly expand by
replacing the character with sed (POSIX compliant method).
Reviewed-by: Brian Behlendorf <[email protected]>
Reviewed-by: bunder2015 <[email protected]>
Signed-off-by: Kash Pande <[email protected]>
Issue #8114
Closes #8117
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Add quotations for ${ENCRYPTIONROOT} to avoid breaking systems
with a space in the name.
Reviewed-by: bunder2015 <[email protected]>
Reviewed-by: Tom Caputi <[email protected]>
Reviewed-by: George Melikov <[email protected]>
Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: Kash Pande <[email protected]>
Related-to: #8093
Closes #8114
|
| |
|
|
|
|
|
|
|
| |
The new zfs-import.target should be used in place of the
zfs-import-*.service units.
Reviewed by: Brian Behlendorf <[email protected]>
Reviewed-by: Manuel Amador (Rudd-O) <[email protected]>
Signed-off-by: Antonio Russo <[email protected]>
Closes #6964
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Systemd binaries necessary for mounting an encrypted root dataset
weren't copied to initramfs generated by dracut. This patch fixes
this and copies these binaries unconditionally, that is
regardless of whether native ZFS encryption is used for the
root dataset.
Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: George Diamantopoulos <[email protected]>
Closes #7607
Closes #7719
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
vdev_id requires the program `basename` when handling short aliases
defined in `vdev_id.conf` (those defined without a leading path), but
`basename` is not always available in the dracut environment. This
causes the pool device names to change when using `by-vdev/` devices
or (in extreme cases) can make the pool import fail in dracut.
This commit fixes the problem by explicitly installing `basename`.
Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: Steffen Müthing <[email protected]>
Closes #7562
|
| |
|
|
|
|
|
|
|
|
|
| |
Resolves importing root pool during boot in dracut. This case was
inadvertently broken with the module autoloading change in #7287.
Reviewed-by: Matthew Thode <[email protected]>
Reviewed-by: George Melikov <[email protected]>
Reviewed-by: Brian Behlendorf <[email protected]>
Reviewed-by: Giuseppe Di Natale <[email protected]>
Signed-off-by: Kash Pande <[email protected]>
Closes #7322
|
| |
|
|
|
|
|
|
|
| |
Reviewed-by: Brian Behlendorf <[email protected]>
Co-authored-by: Kash Pande <[email protected]>
Co-authored-by: Matthew Thode <[email protected]>
Signed-off-by: Kash Pande <[email protected]>
Signed-off-by: Matthew Thode <[email protected]>
Closes #7214
|
| |
|
|
|
|
|
|
|
|
|
|
| |
- enable booting from nested encrypted datasets
- fix plymouth boot splash passphrase entry
- optimize unlock process
Co-authored-by: Kash Pande <[email protected]>
Co-authored-by: Matthew Thode <[email protected]>
Signed-off-by: Kash Pande <[email protected]>
Signed-off-by: Matthew Thode <[email protected]>
Closes #7214
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Authored by: Chris Williamson <[email protected]>
Reviewed by: Matthew Ahrens <[email protected]>
Reviewed by: George Wilson <[email protected]>
Reviewed by: John Kennedy <[email protected]>
Reviewed by: Dan Kimmel <[email protected]>
Approved by: Garrett D'Amore <[email protected]>
Ported-by: Don Brady <[email protected]>
Ported-by: John Kennedy <[email protected]>
OpenZFS-issue: https://www.illumos.org/issues/7431
OpenZFS-commit: https://github.com/openzfs/openzfs/commit/dfc11533
Porting Notes:
* The CLI long option arguments for '-t' and '-m' don't parse on linux
* Switched from kmem_alloc to vmem_alloc in zcp_lua_alloc
* Lua implementation is built as its own module (zlua.ko)
* Lua headers consumed directly by zfs code moved to 'include/sys/lua/'
* There is no native setjmp/longjump available in stock Linux kernel.
Brought over implementations from illumos and FreeBSD
* The get_temporary_prop() was adapted due to VFS platform differences
* Use of inline functions in lua parser to reduce stack usage per C call
* Skip some ZFS Test Suite ZCP tests on sparc64 to avoid stack overflow
|
| |
|
|
|
|
|
|
| |
Reviewed-by: Kash Pande <[email protected]>
Reviewed-by: bunder2015 <[email protected]>
Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: Matthew Thode <[email protected]>
Closes #7136
Closes #7140
|
| |
|
|
|
|
|
|
|
|
|
| |
The generated zfs-load-key.sh file should have been added to
the .gitignore file as part of commit 7da8f8d8. And the
generated file should not be included in the repo.
Reviewed-by: Matthew Thode <[email protected]>
Reviewed-by: Giuseppe Di Natale <[email protected]>
Reviewed by: George Melikov <[email protected]>
Signed-off-by: Brian Behlendorf <[email protected]>
Closes #7134
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The on-disk format for encrypted datasets protects not only
the encrypted and authenticated blocks themselves, but also
the order and interpretation of these blocks. In order to
make this work while maintaining the ability to do raw
sends, the indirect bps maintain a secure checksum of all
the MACs in the block below it along with a few other
fields that determine how the data is interpreted.
Unfortunately, the current on-disk format erroneously
includes some fields which are not portable and thus cannot
support raw sends. It is not possible to easily work around
this issue due to a separate and much smaller bug which
causes indirect blocks for encrypted dnodes to not be
compressed, which conflicts with the previous bug. In
addition, the current code generates incompatible on-disk
formats on big endian and little endian systems due to an
issue with how block pointers are authenticated. Finally,
raw send streams do not currently include dn_maxblkid when
sending both the metadnode and normal dnodes which are
needed in order to ensure that we are correctly maintaining
the portable objset MAC.
This patch zero's out the offending fields when computing
the bp MAC and ensures that these MACs are always
calculated in little endian order (regardless of the host
system's byte order). This patch also registers an errata
for the old on-disk format, which we detect by adding a
"version" field to newly created DSL Crypto Keys. We allow
datasets without a version (version 0) to only be mounted
for read so that they can easily be migrated. We also now
include dn_maxblkid in raw send streams to ensure the MAC
can be maintained correctly.
This patch also contains minor bug fixes and cleanups.
Reviewed-by: Jorgen Lundman <[email protected]>
Reviewed-by: Brian Behlendorf <[email protected]>
Reviewed by: Matthew Ahrens <[email protected]>
Signed-off-by: Tom Caputi <[email protected]>
Closes #6845
Closes #6864
Closes #7052
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
'zfs load-key -a' will only be called if needed. If a dataset not
needed for boot does not have its key loaded (home directories for
example) boot can still continue.
zfs:AUTO was not working via dracut, so we still need the generator
script to do its thing.
Reviewed-by: Richard Yao <[email protected]>
Reviewed-by: Manuel Amador (Rudd-O) <[email protected]>
Reviewed-by: Brian Behlendorf <[email protected]>
Reviewed-by: loli10K <[email protected]>
Signed-off-by: Matthew Thode <[email protected]>
Closes #6982
Closes #7004
|
| |
|
|
|
|
| |
Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: Giuseppe Di Natale <[email protected]>
Signed-off-by: loli10K <[email protected]>
Closes #6962
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* PBKDF2 implementation changed to OpenSSL implementation.
* HKDF implementation moved to its own file and tests
added to ensure correctness.
* Removed libzfs's now unnecessary dependency on libzpool
and libicp.
* Ztest can now create and test encrypted datasets. This is
currently disabled until issue #6526 is resolved, but
otherwise functions as advertised.
* Several small bug fixes discovered after enabling ztest
to run on encrypted datasets.
* Fixed coverity defects added by the encryption patch.
* Updated man pages for encrypted send / receive behavior.
* Fixed a bug where encrypted datasets could receive
DRR_WRITE_EMBEDDED records.
* Minor code cleanups / consolidation.
Signed-off-by: Tom Caputi <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
On Void Linux (x86_64 musl) libgcc_s.so is located in "/usr/lib"
so it is not found by dracut and it produces an error.
Add a simple additional path check for "/usr/lib/libgcc_s.so*"
and install it in the initramfs.
Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: privb0x23 <[email protected]>
Closes #6715
|
| |
|
|
|
|
|
|
|
|
|
| |
while these are source by dracut (which is a bash script)
the practical difference is small, but it is more correct:
/bin/sh is not bash on all systems (e.g. Debian and its
derivatives use /bin/dash as /bin/sh by default).
Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: Fabian Grünbichler <[email protected]>
Closes #6491
|
| |
|
|
|
|
|
|
|
| |
The vdev_id script requires awk, grep, and head. Use dracut_install to
ensure that these commands are available in the initrd environment.
Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: Karsten Kretschmer <[email protected]>
Closes #6443
Closes #6452
|
| |
|
|
|
|
|
|
|
|
| |
The dracut/02zfsexpandknowledge/module-setup.sh.in has a syntax error
which makes the script unusable by a POSIX compliant shell like Dash
on Debian based systems.
Reviewed-by: Giuseppe Di Natale <[email protected]>
Reviewed-by: George Melikov <[email protected]>
Signed-off-by: Aron Xu <[email protected]>
Closes #5712
|
| |
|
|
|
|
|
| |
Two additional files were recently introduced and should be
ignored by git.
Signed-off-by: Brian Behlendorf <[email protected]>
Closes #5299
|
